Roku obfuscation rules

Obfuscation rules let you mask sensitive data before the agent transmits it to New Relic. Each rule is a regex pattern paired with a replacement string. The agent applies rules in order to every string attribute value in every outgoing event — including QoE events and crash-recovered events.

You can configure the agent with regex-based obfuscation rules to mask sensitive data before the agent sends events to New Relic. Use this feature when fields like contentSrc, contentTitle, origUrl, or custom attributes may inadvertently contain user IDs, tokens, or other PII.

The agent applies rules to every string attribute in every outgoing event — including video, ad (RAF and IMA), QOE, system, and custom events — before the event enters the internal buffer.

Configuration

Call nrSetObfuscationRules after you create the agent. Each rule is an associative array with a regex string and a replacement string:

m.nr = NewRelic("ACCOUNT_ID", "API_KEY", "APP_NAME", "APP_TOKEN")
nrSetObfuscationRules(m.nr, [
    { regex: "account-[0-9]+",  replacement: "ACCOUNT_ID" },
    { regex: "token=[^&]+",     replacement: "token=REDACTED" },
    { regex: "/users/[^/]+",    replacement: "/users/USER_ID" }
])

To remove all rules at runtime, call nrSetObfuscationRules with an empty array:

nrSetObfuscationRules(m.nr, [])

Rule ordering

The agent applies rules in the order they appear in the array. The output of one rule becomes the input to the next. Order matters when patterns could overlap:

nrSetObfuscationRules(m.nr, [
    ' Applied first — masks the specific token format
    { regex: "auth-token-[a-z0-9]+", replacement: "AUTH_TOKEN" },
    ' Applied second — masks any remaining bare token references
    { regex: "token=[^&]+",          replacement: "token=REDACTED" }
])

Behavior and edge cases